From cbea50a1762f1ba229960d1e2eeff8e935b77309 Mon Sep 17 00:00:00 2001
From: libaoshan <libaoshan3@h-partners.com>
Date: Wed, 27 Aug 2025 20:32:04 +0800
Subject: [PATCH] fix sec func

Signed-off-by: libaoshan <libaoshan3@h-partners.com>
---
 src/common/async_cmd.cpp       |  2 +-
 src/common/auth.cpp            |  6 +++++-
 src/common/base.cpp            | 16 +++++++---------
 src/common/base.h              | 16 ----------------
 src/common/file.cpp            |  6 +++---
 src/common/forward.cpp         |  3 +--
 src/common/password.cpp        |  4 ++--
 src/common/session.cpp         |  2 +-
 src/common/transfer.cpp        |  3 +--
 src/common/uart.cpp            |  4 ++--
 src/daemon/daemon_app.cpp      |  2 +-
 src/daemon/daemon_tcp.cpp      |  2 +-
 src/daemon/jdwp.cpp            |  5 ++---
 src/daemon/jdwp.h              |  2 +-
 src/daemon/system_depend.cpp   |  2 +-
 src/host/client.cpp            |  4 ++--
 src/host/host_app.cpp          |  2 +-
 src/host/host_updater.cpp      |  4 ++--
 src/host/server_for_client.cpp |  2 +-
 sudo/src/main.cpp              |  2 +-
 20 files changed, 36 insertions(+), 53 deletions(-)

diff --git a/src/common/async_cmd.cpp b/src/common/async_cmd.cpp
index b3818db5..1baf6889 100644
--- a/src/common/async_cmd.cpp
+++ b/src/common/async_cmd.cpp
@@ -119,7 +119,7 @@ bool AsyncCmd::GetDevItem(const char *key, string &out)
     if (!strcmp(sFailString.c_str(), tmpStringBuf)) {
         WRITE_LOG(LOG_WARN, "GetDevItem false tmpStringBuf:%s", tmpStringBuf);
         ret = false;
-        Base::ZeroArray(tmpStringBuf);
+        memset_s(tmpStringBuf, BUF_SIZE_MEDIUM, 0, BUF_SIZE_MEDIUM);
     }
 #endif
     out = tmpStringBuf;
diff --git a/src/common/auth.cpp b/src/common/auth.cpp
index d95a30b8..c79e10f9 100644
--- a/src/common/auth.cpp
+++ b/src/common/auth.cpp
@@ -812,7 +812,11 @@ static uint8_t* GetPlainPwd(const std::string& privateKeyFile)
         WRITE_LOG(LOG_FATAL, "out of mem %d", plainPwd.second);
         return nullptr;
     }
-    memcpy_s(localPwd, plainPwd.second, plainPwd.first, plainPwd.second);
+    if(memcpy_s(localPwd, plainPwd.second, plainPwd.first, plainPwd.second) != EOK) {
+        delete []localPwd;
+        localPwd = nullptr;
+        return nullptr;
+    }
     localPwd[plainPwd.second] = '\0';
     return localPwd;
 }
diff --git a/src/common/base.cpp b/src/common/base.cpp
index 95fd3ea2..ea3be4f7 100644
--- a/src/common/base.cpp
+++ b/src/common/base.cpp
@@ -1638,8 +1638,6 @@ static void EchoLog(string &buf)
         return socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0, fds);
 #endif
 #else
-        struct sockaddr_in addr;
-        socklen_t addrlen = sizeof(addr);
         int reuse = 1;
         if (fds == 0) {
             return -1;
@@ -1648,24 +1646,25 @@ static void EchoLog(string &buf)
         if (listener == -1) {
             return -2;  // -2:sockets error
         }
-        Base::ZeroStruct(addr);
-        addr.sin_family = AF_INET;
-        addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
-        addr.sin_port = 0;
-        fds[0] = fds[1] = (int)-1;
         do {
+            struct sockaddr_in addr = {};
+            addr.sin_family = AF_INET;
+            addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+            addr.sin_port = 0;
             if (setsockopt(listener, SOL_SOCKET, SO_REUSEADDR, (char *)&reuse, (socklen_t)sizeof(reuse))) {
                 break;
             }
             if (::bind(listener, (struct sockaddr *)&addr, sizeof(addr))) {
                 break;
             }
+            socklen_t addrlen = sizeof(addr);
             if (getsockname(listener, (struct sockaddr *)&addr, &addrlen)) {
                 break;
             }
             if (listen(listener, 1)) {
                 break;
             }
+            fds[0] = fds[1] = (int)-1;
             fds[0] = socket(AF_INET, SOCK_STREAM, 0);
             if (fds[0] == -1) {
                 break;
@@ -2127,8 +2126,7 @@ static void EchoLog(string &buf)
     {
         uv_os_sock_t dupFd = -1;
 #ifdef _WIN32
-        WSAPROTOCOL_INFO info;
-        ZeroStruct(info);
+        WSAPROTOCOL_INFO info = {};
         if (WSADuplicateSocketA(tcp->socket, GetCurrentProcessId(), &info) < 0) {
             return dupFd;
         }
diff --git a/src/common/base.h b/src/common/base.h
index f593960c..a2d3c02d 100644
--- a/src/common/base.h
+++ b/src/common/base.h
@@ -114,22 +114,6 @@ namespace Base {
     string Convert2HexStr(uint8_t arr[], int length);
     string CanonicalizeSpecPath(string &src);
     bool TryCreateDirectory(const string &path, string &err);
-    // Just zero a POD type, such as a structure or union
-    // If it contains c++ struct such as stl-string or others, please use 'T = {}' to initialize struct
-    template<class T> int ZeroStruct(T &structBuf)
-    {
-        return memset_s(&structBuf, sizeof(T), 0, sizeof(T));
-    }
-    // just zero a statically allocated array of POD or built-in types
-    template<class T, size_t N> int ZeroArray(T (&arrayBuf)[N])
-    {
-        return memset_s(arrayBuf, sizeof(T) * N, 0, sizeof(T) * N);
-    }
-    // just zero memory buf, such as pointer
-    template<class T> int ZeroBuf(T &arrayBuf, int size)
-    {
-        return memset_s(arrayBuf, size, 0, size);
-    }
     // clang-format off
     const string StringFormat(const char * const formater, ...);
     const string StringFormat(const char * const formater, va_list &vaArgs);
diff --git a/src/common/file.cpp b/src/common/file.cpp
index 2a8ef09e..721a6577 100644
--- a/src/common/file.cpp
+++ b/src/common/file.cpp
@@ -63,7 +63,7 @@ bool HdcFile::BeginTransfer(CtxFile *context, const string &command)
         LogMsg(MSG_FAIL, "HdcFile::BeginTransfer new openReq failed");
         return false;
     }
-    memset_s(openReq, sizeof(uv_fs_t), 0, sizeof(uv_fs_t));
+    (void)memset_s(openReq, sizeof(uv_fs_t), 0, sizeof(uv_fs_t));
     openReq->data = context;
     do {
         ++refCount;
@@ -518,7 +518,7 @@ bool HdcFile::BeginFileOperations()
         LogMsg(MSG_FAIL, "HdcFile::SlaveCheck new openReq failed");
         return false;
     }
-    memset_s(openReq, sizeof(uv_fs_t), 0, sizeof(uv_fs_t));
+    (void)memset_s(openReq, sizeof(uv_fs_t), 0, sizeof(uv_fs_t));
     openReq->data = &ctxNow;
     ++refCount;
     WRITE_LOG_DAEMON(LOG_INFO, "BeginFileOperations cid:%u sid:%u uv_fs_open local:%s remote:%s", taskInfo->channelId,
@@ -549,7 +549,7 @@ void HdcFile::TransferNext(CtxFile *context)
         OnFileOpenFailed(context);
         return;
     }
-    memset_s(openReq, sizeof(uv_fs_t), 0, sizeof(uv_fs_t));
+    (void)memset_s(openReq, sizeof(uv_fs_t), 0, sizeof(uv_fs_t));
     openReq->data = context;
     do {
         ++refCount;
diff --git a/src/common/forward.cpp b/src/common/forward.cpp
index 0a6dd1ed..bc80ae2e 100644
--- a/src/common/forward.cpp
+++ b/src/common/forward.cpp
@@ -529,8 +529,7 @@ bool HdcForwardBase::LocalAbstractConnect(uv_pipe_t *pipe, string &sNodeCfg)
             break;
         }
         fcntl(s, F_SETFD, FD_CLOEXEC);
-        struct sockaddr_un addr;
-        Base::ZeroStruct(addr);
+        struct sockaddr_un addr = {};
         int addrLen = sNodeCfg.size() + offsetof(struct sockaddr_un, sun_path) + 1;
         addr.sun_family = AF_LOCAL;
         addr.sun_path[0] = 0;
diff --git a/src/common/password.cpp b/src/common/password.cpp
index 04674cbc..0cf98bbc 100644
--- a/src/common/password.cpp
+++ b/src/common/password.cpp
@@ -167,12 +167,12 @@ std::pair<uint8_t*, int> HdcPassword::DecryptGetPwdValue(const std::string &encr
 }
 HdcPassword::HdcPassword(const std::string &pwdKeyAlias):hdcHuks(pwdKeyAlias)
 {
-    memset_s(pwd, sizeof(pwd), 0, sizeof(pwd));
+    (void)memset_s(pwd, sizeof(pwd), 0, sizeof(pwd));
 }
 
 HdcPassword::~HdcPassword()
 {
-    memset_s(pwd, sizeof(pwd), 0, sizeof(pwd));
+    (void)memset_s(pwd, sizeof(pwd), 0, sizeof(pwd));
 }
 
 std::pair<uint8_t*, int> HdcPassword::GetPassword(void)
diff --git a/src/common/session.cpp b/src/common/session.cpp
index 67ad3aa5..775ee39a 100755
--- a/src/common/session.cpp
+++ b/src/common/session.cpp
@@ -1072,7 +1072,7 @@ int HdcSessionBase::FetchIOBuf(HSession hSession, uint8_t *ioBuf, int read)
             return ERR_BUF_COPY;
         };
         uint8_t *bufToZero = reinterpret_cast<uint8_t *>(hSession->ioBuf + hSession->availTailIndex);
-        Base::ZeroBuf(bufToZero, hSession->bufSize - hSession->availTailIndex);
+        memset_s(bufToZero, hSession->bufSize - hSession->availTailIndex, 0, hSession->bufSize - hSession->availTailIndex);
     }
     return indexBuf;
 }
diff --git a/src/common/transfer.cpp b/src/common/transfer.cpp
index ae40092e..bef097c8 100644
--- a/src/common/transfer.cpp
+++ b/src/common/transfer.cpp
@@ -817,8 +817,7 @@ bool HdcTransferBase::RecvIOPayload(CtxFile *context, uint8_t *data, int dataSiz
     }
     uint8_t *clearBuf = nullptr;
     string serialString(reinterpret_cast<char *>(data), payloadPrefixReserve);
-    TransferPayload pld;
-    Base::ZeroStruct(pld);
+    TransferPayload pld = {};
     bool ret = false;
     SerialStruct::ParseFromString(pld, serialString);
     int clearSize = 0;
diff --git a/src/common/uart.cpp b/src/common/uart.cpp
index 3e2d8736..1252a6ea 100644
--- a/src/common/uart.cpp
+++ b/src/common/uart.cpp
@@ -1037,9 +1037,9 @@ void HdcUARTBase::TransferStateMachine::Wait()
 HdcUART::HdcUART()
 {
 #ifdef _WIN32
-    Base::ZeroStruct(ovWrite);
+    ovWrite = {};
     ovWrite.hEvent = CreateEvent(NULL, false, false, NULL);
-    Base::ZeroStruct(ovRead);
+    ovRead = {};
     ovRead.hEvent = CreateEvent(NULL, false, false, NULL);
 #endif
 }
diff --git a/src/daemon/daemon_app.cpp b/src/daemon/daemon_app.cpp
index 47150c37..a33ba347 100644
--- a/src/daemon/daemon_app.cpp
+++ b/src/daemon/daemon_app.cpp
@@ -79,7 +79,7 @@ bool HdcDaemonApp::CommandDispatch(const uint16_t command, uint8_t *payload, con
                 WRITE_LOG(LOG_FATAL, "HdcDaemonApp::CommandDispatch new uv_fs_t failed");
                 return false;
             }
-            memset_s(openReq, sizeof(uv_fs_t), 0, sizeof(uv_fs_t));
+            (void)memset_s(openReq, sizeof(uv_fs_t), 0, sizeof(uv_fs_t));
             MakeCtxForAppCheck(payload, payloadSize);
             openReq->data = &ctxNow;
             ++refCount;
diff --git a/src/daemon/daemon_tcp.cpp b/src/daemon/daemon_tcp.cpp
index 57527fe7..ad12735c 100644
--- a/src/daemon/daemon_tcp.cpp
+++ b/src/daemon/daemon_tcp.cpp
@@ -132,7 +132,7 @@ int HdcDaemonTCP::SetTCPListen()
         return ERR_API_FAIL;
     }
     // Get listen port
-    Base::ZeroStruct(addr);
+    addr = {};
     namelen = sizeof(addr);
     if (uv_tcp_getsockname(&servTCP, (sockaddr *)&addr, &namelen)) {
         return ERR_API_FAIL;
diff --git a/src/daemon/jdwp.cpp b/src/daemon/jdwp.cpp
index 3fd8288a..d324d87d 100644
--- a/src/daemon/jdwp.cpp
+++ b/src/daemon/jdwp.cpp
@@ -178,7 +178,7 @@ void HdcJdwp::ReadStream(uv_stream_t *pipe, ssize_t nread, const uv_buf_t *buf)
             }
         }
     }
-    Base::ZeroArray(ctxJdwp->buf);
+    memset_s(ctxJdwp->buf, sizeof(ctxJdwp->buf), 0, sizeof(ctxJdwp->buf));
     if (!ret) {
         WRITE_LOG(LOG_INFO, "ReadStream proc:%d err, free it.", ctxJdwp->pid);
         thisClass->freeContextMutex.lock();
@@ -303,8 +303,7 @@ int HdcJdwp::UvPipeBind(uv_pipe_t* handle, const char* name, size_t size)
     setsockopt(sockfd, SOL_SOCKET, SO_NOSIGPIPE, &on, sizeof(on));
 #endif
 
-    struct sockaddr_un saddr;
-    Base::ZeroStruct(saddr);
+    struct sockaddr_un saddr = {};
     size_t capacity = sizeof(saddr.sun_path);
     size_t min = size < capacity ? size : capacity;
     for (size_t i = 0; i < min; i++) {
diff --git a/src/daemon/jdwp.h b/src/daemon/jdwp.h
index dc4e3be6..63223186 100644
--- a/src/daemon/jdwp.h
+++ b/src/daemon/jdwp.h
@@ -58,7 +58,7 @@ private:
         uint32_t ppid;
         PollNode(int fd, uint32_t pid)
         {
-            Base::ZeroStruct(pollfd);
+            pollfd = {};
             pollfd.fd = fd;
             pollfd.events = POLLNVAL | POLLRDHUP | POLLHUP | POLLERR;
             pollfd.revents = 0;
diff --git a/src/daemon/system_depend.cpp b/src/daemon/system_depend.cpp
index 8041981d..50a9d304 100644
--- a/src/daemon/system_depend.cpp
+++ b/src/daemon/system_depend.cpp
@@ -62,7 +62,7 @@ namespace SystemDepend {
         if (!strcmp(sFailString.c_str(), tmpStringBuf)) {
             // failed
             ret = false;
-            Base::ZeroBuf(tmpStringBuf, BUF_SIZE_MEDIUM);
+            memset_s(tmpStringBuf, BUF_SIZE_MEDIUM, 0, BUF_SIZE_MEDIUM);
         }
 #endif
         out = tmpStringBuf;
diff --git a/src/host/client.cpp b/src/host/client.cpp
index 9e573b5f..de0abd44 100755
--- a/src/host/client.cpp
+++ b/src/host/client.cpp
@@ -39,7 +39,7 @@ HdcClient::HdcClient(const bool serverOrClient, const string &addrString, uv_loo
     MallocChannel(&channel);  // free by logic
     debugRetryCount = 0;
 #ifndef _WIN32
-    Base::ZeroStruct(terminalState);
+    terminalState = {};
 #endif
     isCheckVersionCmd = checkVersion;
 }
@@ -639,7 +639,7 @@ void HdcClient::ReadStd(uv_stream_t *stream, ssize_t nread, const uv_buf_t *buf)
         return;  // error
     }
     thisClass->Send(hChannel->channelId, reinterpret_cast<uint8_t *>(cmd), strlen(cmd));
-    Base::ZeroArray(hChannel->bufStd);
+    memset_s(cmd, sizeof(hChannel->bufStd) * strlen(hChannel->bufStd), 0, sizeof(hChannel->bufStd) * strlen(hChannel->bufStd));
 }
 
 void HdcClient::ModifyTty(bool setOrRestore, uv_tty_t *tty)
diff --git a/src/host/host_app.cpp b/src/host/host_app.cpp
index e366e655..1cd08a77 100644
--- a/src/host/host_app.cpp
+++ b/src/host/host_app.cpp
@@ -120,7 +120,7 @@ bool HdcHostApp::RunQueue(CtxFile *context)
         OnFileOpenFailed(context);
         return false;
     }
-    memset_s(openReq, sizeof(uv_fs_t), 0, sizeof(uv_fs_t));
+    (void)memset_s(openReq, sizeof(uv_fs_t), 0, sizeof(uv_fs_t));
     openReq->data = context;
     ++refCount;
     uv_fs_open(loopTask, openReq, context->localPath.c_str(), O_RDONLY, 0, OnFileOpen);
diff --git a/src/host/host_updater.cpp b/src/host/host_updater.cpp
index 0ac9e857..3d47d2e7 100755
--- a/src/host/host_updater.cpp
+++ b/src/host/host_updater.cpp
@@ -85,7 +85,7 @@ bool HostUpdater::RunQueue(CtxFile &context)
         OnFileOpenFailed(&context);
         return false;
     }
-    memset_s(openReq, sizeof(uv_fs_t), 0, sizeof(uv_fs_t));
+    (void)memset_s(openReq, sizeof(uv_fs_t), 0, sizeof(uv_fs_t));
     openReq->data = &context;
     refCount++;
     uv_fs_open(loopTask, openReq, context.localPath.c_str(), O_RDONLY, 0, OnFileOpen);
@@ -138,7 +138,7 @@ bool HostUpdater::BeginTransfer(const std::string &function, const uint8_t *payl
 void HostUpdater::CheckMaster(CtxFile *context)
 {
     uv_fs_t fs;
-    Base::ZeroStruct(fs.statbuf);
+    fs.statbuf = {};
     uv_fs_fstat(nullptr, &fs, context->openFd, nullptr);
     context->transferConfig.fileSize = fs.statbuf.st_size;
     uv_fs_req_cleanup(&fs);
diff --git a/src/host/server_for_client.cpp b/src/host/server_for_client.cpp
index 21337b91..d0253bb3 100644
--- a/src/host/server_for_client.cpp
+++ b/src/host/server_for_client.cpp
@@ -474,7 +474,7 @@ bool HdcServerForClient::NewConnectTry(void *ptrServer, HChannel hChannel, const
                 hChannel->connectLocalDevice = true;
             }
         }
-        Base::ZeroBuf(hChannel->bufStd, bufOffsetTwo);
+        memset_s(hChannel->bufStd, sizeof(hChannel->bufStd) * strlen(hChannel->bufStd), 0, sizeof(hChannel->bufStd) * strlen(hChannel->bufStd));
         childRet = snprintf_s(hChannel->bufStd + bufOffsetTwo, sizeof(hChannel->bufStd) - bufOffsetTwo,
                               sizeof(hChannel->bufStd) - bufOffsetThree, "%s",
                               const_cast<char *>(connectKey.c_str()));
diff --git a/sudo/src/main.cpp b/sudo/src/main.cpp
index 140586bf..7340f791 100644
--- a/sudo/src/main.cpp
+++ b/sudo/src/main.cpp
@@ -338,7 +338,7 @@ static bool VerifyUserPin()
 
     GetUserPwd(passwd, PWD_BUF_LEN);
     pwdVerifyResult = UserAccountVerify(passwd, strnlen(passwd, PWD_BUF_LEN));
-    memset_s(passwd, sizeof(passwd), 0, sizeof(passwd));
+    (void)memset_s(passwd, sizeof(passwd), 0, sizeof(passwd));
     if (!pwdVerifyResult) {
         WriteTty(USER_VERIFY_FAILED);
     }
-- 
Gitee